Information Security Implications of Sarbanes-Oxley

Cited by: 6
Author
Anand, Sanjay [1]
Affiliation
[1] SOX GRC Inst, 1360 Clifton Ave, Clifton, NJ 07012 USA
Source
INFORMATION SECURITY JOURNAL | 2008 / Vol. 17 / Issue 02
Keywords
segregation of duties; internal controls; records retention; records destruction; transparency; access control; COSO;
DOI
10.1080/19393550801953372
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The purpose of this article is to inform and educate the Information Security (IS) professional about some of the key/fundamental tenets of Sarbanes-Oxley (SOX), especially in the context of Confidentiality, Integrity and Availability of information, the three cornerstones of every security initiative. The focus is on such Sections of the Act as 404 (Internal Controls), 302 (Management Certifications), 806 (Whistleblower Protections), 409 (Real Time Disclosures), 802 (Alteration of Documents), amongst others. The purpose is to develop an appreciation and understanding of IS requirements and implications of SOX, and likewise to better understand how SOX can provide a basic roadmap for IS that every professional, department and organization may be able to use.
Pages: 75-79
Page count: 5